Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Library Search:


Go to the table of contents Go to the previous page Go to the next page Go to the index
Initial Configuration > Configuring a stealth mode NIC

Configuring a stealth mode NIC
Applies to
*
Web Filter v7.6
*
Web Security v7.6
*
Web Security Gateway v7.6
*
Web Security Gateway Anywhere v7.6
Configuring a stealth mode NIC
Websense software can inspect all packets with a monitoring NIC (network interface card) that has been configured for stealth mode. A NIC in stealth mode has no IP address and cannot be used for communication. Security and network performance are improved with this configuration. Removing the IP address prevents connections to the NIC from outside resources and stops unwanted broadcasts.
If Network Agent is configured to use a stealth-mode NIC, the installation machine must have multiple NICs. If Network Agent is installed on a separate machine, a second, TCP/IP-capable interface (i.e., it is not in stealth mode) must be configured to communicate with Websense software for filtering and logging.
During installation, stealth-mode interfaces do not display as a choice for Websense communications. Make sure you know the configuration of all the interfaces in the machine before attempting an installation.
 
* 
Important 
On Linux, stealth mode NICs appear together with TCP/IP-capable interfaces and must not be selected for communication.
Stealth mode for the Network Agent interface is supported on Windows and Linux.
Windows
Configure a NIC for stealth mode as follows.
1.
Go to Start > Settings > Network and Dial-up Connection to display a list of all the interfaces active in the machine.
2.
Select the interface you want to configure.
3.
Select File > Properties.
A dialog box displays the NIC connection properties.
4.
Clear the Internet Protocol (TCP/IP) checkbox.
5.
Click OK.
Linux
To configure a NIC for stealth mode in Linux, disable the Address Resolution Protocol (ARP), which breaks the link between the IP address and the MAC address of the interface. Run the following commands, replacing <interface> with the NIC's name, for example, eth0.
*
To configure a NIC for stealth mode, run this command:
ifconfig <interface> -arp up
*
To return the NIC to normal mode, run this command:
ifconfig <interface> arp up
 
* 
Important 
Network Agent can work with a stealth mode NIC only if the interface retains its old IP address in the Linux system configuration file, /etc/sysconfig/network-scripts/ifcfg-<adapter name>.

Quick Links



Go to the table of contents Go to the previous page Go to the next page Go to the index
Initial Configuration > Configuring a stealth mode NIC
(c) 2011 Websense, Inc. All Rights Reserved.